88 matches found
CVE-2021-47837
Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution...
CVE-2021-47837
Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution...
CVE-2021-47837 Markdownify 1.2.0 - Persistent Cross-Site Scripting
Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution...
CVE-2021-47837 Markdownify 1.2.0 - Persistent Cross-Site Scripting
Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution...
CVE-2021-47837
Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution...
CVE-2021-47837
Markdownify 1.2.0 is affected by a persistent cross-site scripting (XSS) vulnerability that allows attackers to store malicious payloads in Markdown files. When a crafted Markdown file is uploaded and opened, embedded scripts can execute in the client context, with potential remote code execution...
PT-2026-3292
Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution...
Markdownify security vulnerabilities
Markdownify is a minimal Markdown editor desktop application built using Electron by Amit Merchant as a personal development project. Version 1.2.0 of Markdownify contains a security vulnerability; this vulnerability stems from stored cross-site scripting in markdown files, which could lead to...
CVE-2025-65512
A Server-Side Request Forgery SSRF vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and HTTP redirect chains, enabling access to...
EUVD-2025-202627
A Server-Side Request Forgery SSRF vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and HTTP redirect chains, enabling access to...
CVE-2025-65512
A Server-Side Request Forgery SSRF vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and HTTP redirect chains, enabling access to...
CVE-2025-65512
A Server-Side Request Forgery SSRF vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and HTTP redirect chains, enabling access to...
Server-side Request Forgery (SSRF)
Overview mcp-markdownify-server is a Model Context Protocol MCP server that converts various file types and web content to Markdown format. It provides a set of tools to transform PDFs, images, audio files, web pages, and more into easily readable and shareable Markdown text. Affected versions of...
Markdownify MCP Server 安全漏洞
Markdownify MCP Server is a Model Context Protocol server for converting almost any content to Markdown by Zach Caceres, an individual developer in the United States. A security vulnerability exists in Markdownify MCP Server version 0.0.2 and earlier, which stems from a server-side request forger...
CVE-2025-65512
Markdownify MCP Server vulnerability CVE-2025-65512 affects markdownify-mcp v0.0.2 and earlier. The flaw is a Server-Side Request Forgery (SSRF) in the webpage-to-markdown conversion feature that can bypass private IP restrictions via hostname-based bypass and HTTP redirect chains, enabling acces...
CVE-2025-65512
A Server-Side Request Forgery SSRF vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and HTTP redirect chains, enabling access to...
CVE-2025-65512
A Server-Side Request Forgery SSRF vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and HTTP redirect chains, enabling access to...
PT-2025-50494
Name of the Vulnerable Software and Affected Versions markdownify-mcp versions prior to 0.0.3 Description A Server-Side Request Forgery SSRF issue exists in the webpage-to-markdown conversion feature. This allows an attacker to circumvent private IP restrictions using hostname-based bypass and HT...
EUVD-2025-12476
Malicious code in bioql PyPI...
EUVD-2022-7414
Malicious code in bioql PyPI...